Bug 653135

Summary: RFE: vlock should be able to lock terminals when execute from a daemon
Product: Red Hat Enterprise Linux 6 Reporter: Gal Hammer <ghammer>
Component: vlockAssignee: Karel Zak <kzak>
Status: CLOSED NOTABUG QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: iheim, tmraz
Target Milestone: rcKeywords: FutureFeature
Target Release: ---Flags: ghammer: needinfo+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-15 13:08:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 565939, 641886    

Description Gal Hammer 2010-11-14 16:20:23 UTC 
In RHEV-M, when a user, using a SPICE client to connect to a guest, close the connection, the vdsm tells the guest agent to lock the machine. The RHEV-agent daemon tries to lock the machine by calling "/usr/bin/vlock -a" but the execution always fails.

It is possible to lock the virtual terminals this way?
Comment 2 Karel Zak 2010-11-15 11:06:59 UTC 
(In reply to comment #0)
> In RHEV-M, when a user, using a SPICE client to connect to a guest, close the
> connection, the vdsm tells the guest agent to lock the machine. The RHEV-agent
> daemon tries to lock the machine by calling "/usr/bin/vlock -a" but the
> execution always fails.

What does it mean "execution fails"? (do you have any error message?)

> It is possible to lock the virtual terminals this way?

I think that "vlock -a"  makes sense on standard consoles (tty0 ... tty16) on machines where all consoles are accessible from the same physical place.

The "vlock -a" does not lock all consoles, it locks the *current console* and  controls switching between consoles (e.g. Alt-Fn keys). So after "vlock -a" you cannot use or leave the current console without a valid password. That's all.
Comment 3 Gal Hammer 2010-11-15 12:33:56 UTC 
(In reply to comment #2)

> What does it mean "execution fails"? (do you have any error message?)

I'm using Python's subprocess.call. The function returns 1 when I execute vlock.

> The "vlock -a" does not lock all consoles, it locks the *current console* and 

I'm okay with this behavior. The problem is that I'm executing vlock as a daemon which doesn't have a *current console* to lock.
Comment 4 Karel Zak 2010-11-15 13:08:58 UTC 
vlock opens /dev/tty, this special device is associated with the current process terminal. 

Yes, it probably does not makes sense to call vlock -a from any daemon if the daemon is outside the current session (terminal).

I have no clue how to fix your problem. Try to ask at tech-list.
Comment 5 Tomas Mraz 2010-11-15 13:38:05 UTC 
IMO the most appropriate way for locking the consoles on a guest is to reserve one of the consoles for the vlock and in case of timeout switch into this console and run vlock -a in it.
Comment 6 Gal Hammer 2010-11-15 13:57:19 UTC 
(In reply to comment #5)
> IMO the most appropriate way for locking the consoles on a guest is to reserve
> one of the consoles for the vlock and in case of timeout switch into this
> console and run vlock -a in it.

Thanks. I'll try it.